Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/gvZ-9GaaBLHUQOeM7ECy3k_jUR8.roa
File:                     gvZ-9GaaBLHUQOeM7ECy3k_jUR8.roa (raw, json)
Hash identifier:          wJDkLQX/FRIbynTd8SPl0B5WY0r76353Ble7rOLEaM0=
Subject key identifier:   82:F6:7E:F4:66:9A:04:B1:D4:40:E7:8C:EC:40:B2:DE:4F:E3:51:1F
Certificate issuer:       /CN=e6688ae96323c1fcfab54b294557397b49b03bc7
Certificate serial:       018CC3B696F8893CCBBDC9A7A9A307D1A724
Authority key identifier: E6:68:8A:E9:63:23:C1:FC:FA:B5:4B:29:45:57:39:7B:49:B0:3B:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/gvZ-9GaaBLHUQOeM7ECy3k_jUR8.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39405
IP address blocks:        185.146.41.0/24 maxlen: 24
                          185.146.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:96:f8:89:3c:cb:bd:c9:a7:a9:a3:07:d1:a7:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6688ae96323c1fcfab54b294557397b49b03bc7
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82f67ef4669a04b1d440e78cec40b2de4fe3511f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d5:c0:49:91:31:f5:43:bd:0e:28:9c:55:d1:
                    ae:01:34:95:6b:40:42:13:80:ba:c8:94:72:c4:3f:
                    81:74:04:38:65:a1:79:4a:34:22:0b:fc:34:9b:e9:
                    54:ad:55:e7:5a:54:b5:85:e4:36:4e:ee:40:05:ed:
                    50:c5:ef:6a:b5:22:eb:e2:f5:af:8f:39:06:1c:13:
                    b3:bc:af:76:7a:ad:be:f6:57:f6:97:88:21:2e:57:
                    63:8c:a7:9b:d8:e5:89:56:a2:ad:21:96:a1:9a:a9:
                    7b:82:dd:11:6f:62:2a:7b:db:df:c4:83:0d:c0:2d:
                    12:c0:12:58:d4:ba:f5:54:53:ed:eb:45:e5:58:5b:
                    46:50:1d:2c:3b:c8:a9:2a:bf:57:84:a0:45:91:f9:
                    7e:18:dc:80:ee:5d:af:7f:40:6b:4b:7b:a6:8d:b6:
                    14:18:7b:17:61:cb:b4:eb:18:04:50:12:8a:55:15:
                    e5:0a:df:e2:ab:0e:ae:8b:08:81:25:01:3d:68:ab:
                    25:81:54:96:4e:99:24:7b:a8:3f:ea:83:6e:e7:c5:
                    92:57:f1:dc:8a:ec:71:a5:34:ca:56:3c:5d:1d:a7:
                    c0:4f:3d:1a:7c:da:b3:fd:8e:62:06:7f:36:bb:4a:
                    14:06:78:f9:7f:53:7f:49:c0:41:5d:95:44:f7:2e:
                    0d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:F6:7E:F4:66:9A:04:B1:D4:40:E7:8C:EC:40:B2:DE:4F:E3:51:1F
            X509v3 Authority Key Identifier:
                keyid:E6:68:8A:E9:63:23:C1:FC:FA:B5:4B:29:45:57:39:7B:49:B0:3B:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5miK6WMjwfz6tUspRVc5e0mwO8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/gvZ-9GaaBLHUQOeM7ECy3k_jUR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ce5ca6-f939-4fd7-b9f8-0a1ef0ec0578/1/5miK6WMjwfz6tUspRVc5e0mwO8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.41.0-185.146.42.255

    Signature Algorithm: sha256WithRSAEncryption
         14:6e:6f:bb:b2:01:0d:2d:8e:51:c6:a2:5d:d7:fd:76:06:d5:
         ca:11:2e:d0:1c:85:50:72:87:16:da:d7:40:2c:e3:65:39:45:
         d8:9e:31:5c:4d:19:68:e3:03:21:14:7f:52:c2:26:a0:5e:53:
         8e:02:01:fa:b7:b8:7e:68:00:81:df:b9:ca:fc:a1:02:20:b4:
         d6:88:09:e3:3e:a1:cc:28:e1:52:4b:cd:c3:63:cf:e7:91:8a:
         7c:26:af:bc:8c:eb:59:b0:ce:e0:cc:34:34:1d:dc:e9:69:b2:
         a8:9a:2d:f2:82:c4:0f:c6:4f:56:f4:ac:cb:3a:fe:25:ba:76:
         38:94:64:2f:bc:36:6d:36:df:24:9a:be:84:5e:bf:3f:23:c4:
         86:fd:25:9b:58:0e:b3:a6:d1:b8:86:ef:13:da:a9:cc:ad:d9:
         f9:2e:49:93:91:68:31:23:12:91:f2:44:bf:4d:20:f4:47:d7:
         a2:00:81:9c:c2:02:5b:3d:6f:b7:9b:47:f2:1f:c0:a5:66:de:
         00:e7:4c:28:ac:cb:f1:88:bb:b3:01:f9:5e:a8:dc:dd:7f:0c:
         67:49:ef:61:ca:62:6b:e5:7b:3f:6c:1c:3f:2e:0f:34:73:78:
         e8:0b:af:e9:88:9f:e1:7a:d2:91:76:13:e2:60:7a:7d:21:d0:
         e9:d7:1a:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDtpb4iTzLvcmnqaMH0ackMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2Njg4YWU5NjMyM2MxZmNmYWI1NGIyOTQ1NTczOTdiNDli
MDNiYzcwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmY2N2VmNDY2OWEwNGIxZDQ0MGU3OGNlYzQwYjJkZTRmZTM1MTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdXASZEx9UO9DiicVdGuATSVa0BC
E4C6yJRyxD+BdAQ4ZaF5SjQiC/w0m+lUrVXnWlS1heQ2Tu5ABe1Qxe9qtSLr4vWv
jzkGHBOzvK92eq2+9lf2l4ghLldjjKeb2OWJVqKtIZahmql7gt0Rb2Iqe9vfxIMN
wC0SwBJY1Lr1VFPt60XlWFtGUB0sO8ipKr9XhKBFkfl+GNyA7l2vf0BrS3umjbYU
GHsXYcu06xgEUBKKVRXlCt/iqw6uiwiBJQE9aKslgVSWTpkke6g/6oNu58WSV/Hc
iuxxpTTKVjxdHafATz0afNqz/Y5iBn82u0oUBnj5f1N/ScBBXZVE9y4NzwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIL2fvRmmgSx1EDnjOxAst5P41EfMB8GA1UdIwQY
MBaAFOZoiuljI8H8+rVLKUVXOXtJsDvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW1pSzZXTWp3Zno2dFVzcFJWYzVlMG13TzhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9jZTVjYTYtZjkzOS00ZmQ3LWI5Zjgt
MGExZWYwZWMwNTc4LzEvZ3ZaLTlHYWFCTEhVUU9lTTdFQ3kza19qVVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9jZTVjYTYtZjkzOS00ZmQ3LWI5ZjgtMGExZWYwZWMwNTc4
LzEvNW1pSzZXTWp3Zno2dFVzcFJWYzVlMG13TzhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5kikD
BAC5kiowDQYJKoZIhvcNAQELBQADggEBABRub7uyAQ0tjlHGol3X/XYG1coRLtAc
hVByhxba10As42U5RdieMVxNGWjjAyEUf1LCJqBeU44CAfq3uH5oAIHfucr8oQIg
tNaICeM+ocwo4VJLzcNjz+eRinwmr7yM61mwzuDMNDQd3OlpsqiaLfKCxA/GT1b0
rMs6/iW6djiUZC+8Nm023ySavoRevz8jxIb9JZtYDrOm0biG7xPaqcyt2fkuSZOR
aDEjEpHyRL9NIPRH16IAgZzCAls9b7ebR/IfwKVm3gDnTCisy/GIu7MB+V6o3N1/
DGdJ72HKYmvlez9sHD8uDzRzeOgLr+mIn+F60pF2E+Jgen0h0OnXGkY=
-----END CERTIFICATE-----